Bug #7677
Cert manager not creating server cert
Start date:
07/06/2017
Due date:
% Done:
100%
Estimated time:
Affected Version:
2.4
Affected Architecture:
Description
Current snap
2.4.0-BETA (amd64)
built on Thu Jul 06 07:22:07 CDT 2017
FreeBSD 11.0-RELEASE-p10
Cert Manager not creating server certs. Not sure if affecting previous snaps.
Associated revisions
History
#1
Updated by Jim Pingle over 3 years ago
- Status changed from New to Assigned
- Assignee set to Jim Pingle
I'm in the middle of some certificate work. It should have been in an OK state when I left it yesterday but it's possible there is an issue. I'll look into it while I'm finishing up everything else I'm working on.
#2
Updated by Jim Pingle over 3 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
Applied in changeset 0c82b8c2a77bba6b2b3ab42a880c0e478ebc70f6.
Restructure how certificate types and SANs are handled in the cert manager when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677
NOTE: Attributes such as SANs and KU/EKU cannot be copied from a CSR when signing due to a deficiency in OpenSSL's x509 functions (they do not support "copy_extensions" at this time). They must be specified manually.